computer-use-agents
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
Findings: COMMAND_EXECUTION, DATA_EXFILTRATION, REMOTE_CODE_EXECUTION
Full Analysis
- COMMAND_EXECUTION (HIGH): The skill implements a bash tool (BetaToolBash20241022) and uses the pyautogui library to provide direct, programmatic control over the operating system GUI and shell environment.
- DATA_EXFILTRATION (MEDIUM): The 'capture_screenshot' method captures the entire desktop state as base64-encoded image data, which is then processed by an external LLM, leading to the exposure of any sensitive information visible on the screen.
- REMOTE_CODE_EXECUTION (HIGH): The inclusion of 'bash' and 'str_replace_editor' tools enables an AI model to write, modify, and execute arbitrary scripts on the underlying host or container.
- INDIRECT_PROMPT_INJECTION (LOW): As a vision-language agent, the skill is vulnerable to instructions embedded in screenshots (e.g., malicious text on a website) that could hijack the agent's logic. (Evidence: Ingestion point in capture_screenshot; Capabilities: bash/pyautogui; No input sanitization or boundary markers identified).
- EXTERNAL_DOWNLOADS (SAFE): The provided Dockerfile uses standard, trusted repositories for Ubuntu and Python package installations.
Recommendations
- AI detected serious security threats